Re: Subseven Scans

From: Baribault, Gary (garyat_private)
Date: Mon Aug 12 2002 - 12:12:30 PDT

Next message: Rob Keown: "RE: Subseven Scans"

Previous message: Preston Kutzner: "Re[2]: Subseven Scans"
In reply to: Preston Kutzner: "Re: Subseven Scans"
Next in thread: H C: "Re: Subseven Scans"
Next in thread: Rob Keown: "RE: Subseven Scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hum .. I just found a bunch of 27374 on one of my SDSL link with a few of 
the 12345 scans. This link's firewall is allways way more active. My second 
is an ADSL and it's usually quieter, this one has no 12345 but a few 27374.

Gary B

At 11:08 AM 8/12/2002 -0500, Preston Kutzner wrote:
>Hello Rob,
>
>Sunday, August 11, 2002, 8:42:50 AM, you wrote:
>
>RK> Anyone else seeing a huge increase in subseven scans...6708 since about
>RK> 0300Z - across all of my class C's and from quite a few sources 
>(running the
>RK> query now to see how many).
>
>RK> Rob
>
>
>RK> 
>----------------------------------------------------------------------------
>RK> This list is provided by the SecurityFocus ARIS analyzer service.
>RK> For more information on this free incident handling, management
>RK> and tracking system please see: http://aris.securityfocus.com
>
>I've seen quite a bit of traffic on ports tcp/12345 and tcp/27374.
>According to what I've seen, 27374 is a port used by quite a few
>versions of SubSeven, as for 12345, it's not mentioned that subseven
>runs on that port (that I've seen), but I am seeing attempted
>connections to these ports at the same time (maybe some other vuln
>attempt I'm not aware of?  anyone?).  Hope that helps.
>
>--
>Preston Kutzner | IT Manager
>Marketing Resources, Inc.
>
>_________________________________________________________________
>The information transmitted is intended only for the person or entity to
>which it is addressed and may contain confidential and/or privileged
>material.  Any review, retransmission, dissemination or other use of, or
>taking of any action in reliance upon, this information by persons or
>entities other than the intended recipient is prohibited.   If you received
>this in error, please contact the sender and delete the material from any
>computer.
>
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus ARIS analyzer service.
>For more information on this free incident handling, management
>and tracking system please see: http://aris.securityfocus.com


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Rob Keown: "RE: Subseven Scans"
Previous message: Preston Kutzner: "Re[2]: Subseven Scans"
In reply to: Preston Kutzner: "Re: Subseven Scans"
Next in thread: H C: "Re: Subseven Scans"
Next in thread: Rob Keown: "RE: Subseven Scans"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 12 2002 - 15:06:07 PDT